Next-Gen Firewalls Change The Rules Of Firewall Management

Layers of complexity in network firewalls create the need for a systematic change management approach.

As enterprises increasingly incorporate next-generation firewalls into their security repertoires, they gain the potential for more precise control over applications and user behavior at the perimeter. But they also gain something else: added complexity, in the form of increased odds of misconfiguration and change management mishaps. Those odds increase even further if firewall management is already a problem in their traditional firewall portfolios.

"Firewalls have had problems since they were first introduced -- they are complex, their rules are technical, and it's as easy to end up with a messy firewall as it is to end up with a messy desk," says Mike Lloyd, CTO of RedSeal Networks. "These realities persist with 'next-generation' approaches. Operations still outrun the headlights on occasion, moving rapidly in response to business pressure, but making mistakes and leaving poor records. Debris still accumulates in the same ways it always has."

As Lloyd puts it, every additional security control adds complexity, and that's no different in the field of advanced firewalls.